CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14512
https://notcve.org/view.php?id=CVE-2018-14512
23 Jul 2018 — An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered. Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0. • https://github.com/wuzhicms/wuzhicms/issues/143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14513
https://notcve.org/view.php?id=CVE-2018-14513
23 Jul 2018 — An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) persistente que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro form[content] en el URI index.php? • https://github.com/wuzhicms/wuzhicms/issues/145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14515
https://notcve.org/view.php?id=CVE-2018-14515
23 Jul 2018 — A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. Se ha descubierto una inyección SQL en WUZHI CMS 4.1.0 que permite que atacantes remotos inyecten una instrucción SQL maliciosa mediante el parámetro keywords en index.php?m=promotef=indexv=search. • https://github.com/wuzhicms/wuzhicms/issues/146 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11549
https://notcve.org/view.php?id=CVE-2018-11549
29 May 2018 — An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay una vulnerabilidad de Cross-Site Scripting (XSS) persistente en "Account Settings -> Member Centre -> Chinese information -> Ordinary member" mediante un número QQ, tal y como queda demostrado con una subcadena form[qq_10]=. • https://github.com/wuzhicms/wuzhicms/issues/139 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11528
https://notcve.org/view.php?id=CVE-2018-11528
29 May 2018 — WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. WUZHI CMS 4.1.0 tiene una inyección SQL mediante un URI api/sms_check.php?param=. • https://github.com/wuzhicms/wuzhicms/issues/138 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11493
https://notcve.org/view.php?id=CVE-2018-11493
26 May 2018 — An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede añadir un enlace de amistad mediante index.php? • https://github.com/wuzhicms/wuzhicms/issues/137 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10391
https://notcve.org/view.php?id=CVE-2018-10391
26 Apr 2018 — An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) mediante el parámetro email en el URI index.php? • https://github.com/wuzhicms/wuzhicms/issues/134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10367
https://notcve.org/view.php?id=CVE-2018-10367
25 Apr 2018 — An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section. Se ha descubierto un problema en WUZHI CMS 4.1.0. La característica content-management tiene Cross-Site Scrfipting (XSS) persistente mediante la sección title o content. • https://github.com/wuzhicms/wuzhicms/issues/135 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10368
https://notcve.org/view.php?id=CVE-2018-10368
25 Apr 2018 — An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement. Se ha descubierto un problema en WUZHI CMS 4.1.0. La característica "Extension Module -> System Announcement" tiene Cross-Site Scripting (XSS) persistente mediante un anuncio. • https://github.com/wuzhicms/wuzhicms/issues/136 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2018-10311 – WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-10311
24 Apr 2018 — A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI. Se ha descubierto una vulnerabilidad en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) persistente que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro tag[pinyin] en el URI /index.php? • https://packetstorm.news/files/id/147597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •